From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44921)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1WInQq-0004vF-OA
	for qemu-devel@nongnu.org; Wed, 26 Feb 2014 17:58:34 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1WInQl-0006l2-CX
	for qemu-devel@nongnu.org; Wed, 26 Feb 2014 17:58:28 -0500
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <530E7189.7060205@redhat.com>
Date: Wed, 26 Feb 2014 23:58:17 +0100
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <1393454861-24705-1-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1393454861-24705-1-git-send-email-peter.maydell@linaro.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] tests/Makefile: Suppress format-security
 warnings on JSON tests
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>, qemu-devel@nongnu.org
Cc: qemu-trivial@nongnu.org, =?ISO-8859-1?Q?Andreas_F=E4rber?= <andreas.faerber@web.de>, patches@linaro.org

Il 26/02/2014 23:47, Peter Maydell ha scritto:
> Some of our test binaries programmatically generate JSON format
> strings to feed to qobject_from_json(). Since that function is
> marked with GCC_FMT_ATTR(), clang complains about this:
>  tests/test-qmp-input-visitor.c:76:35: warning: format string is not a
>  string literal (potentially insecure) [-Wformat-security]
>     data->obj = qobject_from_json(json_string);
>                                   ^~~~~~~~~~~

qobject_from_json shouldn't have a GCC_FMT_ATTR marker, only 
qobject_from_jsonf and qobject_from_jsonv.

qobject_from_json passes a NULL va_list*, and then parse_escape in 
qobject/json-parser.c returns NULL before calling va_arg.  Ultimately 
this produces a parse error.

Paolo

> Since these are only test cases and not potential attack vectors,
> the simplest approach is simply to suppress this particular
> compiler warning when compiling the relevant test cases.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> I couldn't think of a better way to do this...
>
>  tests/Makefile | 11 +++++++++++
>  1 file changed, 11 insertions(+)
>
> diff --git a/tests/Makefile b/tests/Makefile
> index b17d41e..496c02f 100644
> --- a/tests/Makefile
> +++ b/tests/Makefile
> @@ -146,6 +146,17 @@ check-qapi-schema-y := $(addprefix tests/qapi-schema/, \
>
>  GENERATED_HEADERS += tests/test-qapi-types.h tests/test-qapi-visit.h tests/test-qmp-commands.h
>
> +# These tests use the qobject_from_json() function with programmatically
> +# generated format strings; since this would otherwise trip clang's
> +# format-security warnings and these are only test binaries, disable
> +# the warnings when building them.
> +JSON_USERS=check-qjson \
> +           check-input-visitor \
> +           test-qmp-input-visitor \
> +           test-visitor-serialization
> +
> +$(JSON_USERS:%=tests/%.o): CFLAGS += -Wno-format-security
> +
>  test-obj-y = tests/check-qint.o tests/check-qstring.o tests/check-qdict.o \
>  	tests/check-qlist.o tests/check-qfloat.o tests/check-qjson.o \
>  	tests/test-coroutine.o tests/test-string-output-visitor.o \
>